Generating a Key and CSR and Obtaining and Registering a Certificate
As a certificate generated on the machine does not have a signature from a certificate authority, the machine may not be able to communicate depending on the communicating device. In this case, registering a signed certificate issued by a certificate authority to the key enables communication even with a self-generated key.
For the certificate authority to issue a signed certificate, you must make a request attached with a Certificate Signing Request (CSR) file. The machine generates a CSR at the same time it generates a key.
For information about the algorithm of the key and CSR that can be generated by the machine, see the self-generated key and CSR specifications.
Keys and CertificatesGenerating a Key and CSR
Generate a key and CSR using Remote UI from a computer. You cannot use the control panel to generate a key and certificate.
Administrator privileges are required.
1
Log in to Remote UI as an administrator.
Starting Remote UI2
On the Portal page of Remote UI, click [Settings/Registration].
Remote UI Portal Page3
Click [Device Management]
[Key and Certificate Settings].
The [Key and Certificate Settings] screen is displayed.
4
Click [Generate Key]
[Key and Certificate Signing Request (CSR)].
The [Generate Key and Certificate Signing Request (CSR)] screen is displayed.
5
Enter the name of the key, and select the signature and key algorithms.
Enter the key name using alphanumeric characters.
For the key generation algorithm, select [RSA] or [ECDSA], and select the key length from the pulldown menu. The longer the key length, the better the security, but this slows down communication processing.
6
In [Certificate Signing Request (CSR) Settings], set the CSR information.
[Country/Region]
Select [Select Country/Region Name], and then select the country or region from the pulldown menu, or select [Enter Internet Country Code], and enter the country code.
[State], [City], [Organization], and [Organization Unit]
Enter the items as needed using alphanumeric characters.
[Common Name]
Enter the name of the certificate subject using alphanumeric characters, as needed. This corresponds to the Common Name (CN).
[Issued To (Alternate Name)]
Enter the IP address or domain to be set for the Subject Alternative Name (SAN), as needed.
If you are not configuring the [Issued To (Alternate Name)] setting, select the [Do Not Set] checkbox.
Only IPv4 addresses can be set in [IP Address].
7
Click [OK].
The [Key and Certificate Signing Request (CSR) Details] screen is displayed.
8
Click [Store in File] to store the CSR file to a computer.
9
Log out from Remote UI.
10
Submit the application with CSR file attached to the certificate authority.
NOTE
When the CSR is generated, the key is registered to the machine, but it cannot be used until the certificate issued by the certificate authority is registered.
Registering a Certificate Issued by a Certificate Authority to a Key
Register the certificate using Remote UI from a computer. You cannot use the control panel to register this.
Administrator privileges are required.
1
Log in to Remote UI as an administrator.
Starting Remote UI2
On the Portal page of Remote UI, click [Settings/Registration].
Remote UI Portal Page3
Click [Device Management]
[Key and Certificate Settings].
The [Key and Certificate Settings] screen is displayed.
4
Click the key name (or certificate icon) to which to register the certificate.
The [Key and Certificate Signing Request (CSR) Details] screen is displayed.
5
Click [Register Certificate].
6
Click [Choose File], and specify the file of the certificate issued by the certificate authority.
7
Click [Register].
The icon of the certificate displayed in the list of keys and certificates on the [Key and Certificate Settings] screen changes from [
] to [
].
8
Log out from Remote UI.
NOTE
Viewing and Verifying Detailed Information of a Registered Certificate
In the list of keys and certificates on the [Key and Certificate Settings] screen, click the key name (or certificate icon) to display the certificate details.
On the certificate details screen, click [Verify Certificate] to verify that the certificate is valid.
When the Key and Certificate Cannot Be Deleted
You cannot delete a key and certificate being used. Disable the function being used, or delete these after switching to another key and certificate.